Category: VRM (page 1 of 24)

VRM is Me2B

Most of us weren’t at the latest VRM Day or IIW (both of which happened in the week before last), so I’ll fill you in on a cool development there: a working synonym for VRM that makes a helluva lot more sense and may have a lot more box office.

That synonym is Me2B.

And by “we” I mean Lisa Lavasseur, who in addition to everything behind that link, runs the new Me2B Alliance, which features the graphic there on the right, (suggesting an individual in a driver’s seat). She is also is the Vice Chair of the  IEEE 7012 Standard for Machine Readable Personal Privacy Terms, a new effort with which some of us are also involved.

Lisa led many sessions at IIW, mostly toward solidifying what the Me2B Alliance will do. If you stay tuned to me2b.us, you can see how that work grows and evolves.

The main thing for me, in the here and now, is to share how much I like Me2B as a synonym for VRM.

It is  also a synonym for C2B, of course; but it’s more personal. I also think it may have what it takes to imply Archimedes-grade leverage for individuals in the marketplace. For more on what I mean by that, see any or all of these:EIC award

I’m also putting this up to help me prep for mentioning Me2B tomorrow during this talk at the  2019 European Identity & Cloud Conference. It was at this same conference in 2008 that ProjectVRM won its first award. That’s it there on the right.

It’s becoming clear now that we were were way ahead of a time that finally seems to be arriving.

Personal scale

Way back in 1995, when our family was still new to the Web, my wife asked a question that is one of the big reasons I started ProjectVRM: Why can’t I take my own shopping cart from one site to another?

The bad but true answer is that every site wants you to use their shopping cart. The good but not-yet-true answer is that nobody has invented it yet. By that I mean: not  a truly personal one, based on open standards that make it possible for lots of developers to compete at making the best personal shopping cart for you.

Think about what you might be able to do with a PSC (Personal Shopping Cart) online that you can’t do with a physical one offline:

  • Take it from store to store, just as you do with your browser. This should go without saying, but it’s still worth repeating, because it would be way cool.
  • Have a list of everything parked already in your carts within each store.
  • Know what prices have changed, or are about to change, for the products in your carts in each store.
  • Notify every retailer you trust that you intend to buy X, Y or Z, with restrictions (meaning your terms and conditions) on the use of that information, and in a way that will let you know if those restrictions are violated. This is called intentcasting, and there are a pile of companies already in that business.
  • Have a way to change your name and other contact information, for all the stores you deal with, in one move.
  • Control your subscriptions to each store’s emailings and promotional materials.
  • Have your  own way to express genuine loyalty , rather than suffering with as many coercive and goofy “loyalty programs” as there are companies
  • Have a standard way to share your experiences with the companies that make and sell the products you’ve bought, and to suggest improvements—and for those companies to share back updates and improvements you should know about.
  • Have wallets of your own, rather than only those provided by platforms.
  • Connect to your collection of receipts, instruction manuals and other relevant information for all the stuff you’ve already bought or currently rent. (Note that this collection is for the Internet of your things—one you control for yourself, and is not a set of suction cups on corporate tentacles.)
  • Your own standard way to call for service or support, for stuff you’ve bought or rented, rather than suffering with as many different ways to do that as there are companies you’ve engaged

All of these things are Me2B, and will give each of us scale, much as the standards that make the Internet, browsers and email all give us scale. And that scale will be just as good for the companies we deal with as are the Internet, browsers and email.

If you think “none of the stores out there will want any of this, because they won’t control it,” think about what personal operating systems and browsers on every device have already done for stores by making the customer interface standard. What we’re talking about here is enlarging that interface.

I’d love to see if there is any economics research and/or scholarship on personal scale and its leverage (such as personal operating systems, devices and browsers give us) in the digital world). Because it’s a case that needs to be made.

Of course, there’s money to me made as well, because there will be so many more, better and standard ways for companies to deal with customers than current tools (including email, apps and browsers) can by themselves.

The Wurst of the Web

Don’t think about what’s wrong on the Web. Think about what pays for it. Better yet, look at it.

Start by installing Privacy Badger in your browser. Then look at what it tells you about every site you visit. With very few exceptions (e.g. Internet Archive and Wikipedia), all are putting tracking beacons (the wurst cookie flavor) in your browser. These then announce your presence to many third parties, mostly unknown and all unseen, at nearly every subsequent site you visit, so you can be followed and profiled and advertised at. And your profile might be used for purposes other than advertising. There’s no way to tell.

This practice—tracking people without their invitation or knowledge—is at the dark heart and sold soul of what Shoshana Zuboff calls Surveillance Capitalism and Brett Frischmann and Evan Selinger call Re-engineering Humanity. (The italicized links go to books on the topic, both of which came out in the last year. Buy them.)

While that system’s business is innocuously and misleadingly called advertising, the surveilling part of it is called adtechThe most direct ancestor of adtech is not old fashioned brand advertising. It’s direct marketing, best known as junk mail. (I explain the difference in Separating Advertising’s Wheat and Chaff.) 

In the online world, brand advertising and adtech look the same, but underneath they are as different as bread and dirt. While brand advertising is aimed at broad populations and sponsors media it considers worthwhile, adtech does neither. Like junk mail, adtech wants to be personal, wants a direct response, and ignores massive negative externalities. It also uses media to mark, track and advertise at eyeballs, wherever those eyeballs might show up. (This is how, for example, a Wall Street Journal reader’s eyeballs get shot with an ad for, say, Warby Parker, on Breitbart.) So adtech follows people, profiles them, and adjusts its offerings to maximize engagement, meaning getting a click. It also works constantly to put better crosshairs on the brains of its human targets; and it does this for both advertisers and other entities interested in influencing people. (For example, to swing an election.)

For most reporters covering this, the main objects of interest are the two biggest advertising intermediaries in the world: Facebook and Google. That’s understandable, but they’re just the tip of the wurstberg.  Also, in the case of Facebook, it’s quite possible that it can’t fix itself. See here:

How easy do you think it is for Facebook to change: to respond positively to market and regulatory pressures?

Consider this possibility: it can’t.

One reason is structural. Facebook is comprised of many data centers, each the size of a Walmart or few, scattered around the world and costing many $billions to build and maintain. Those data centers maintain a vast and closed habitat where more than two billion human beings share all kinds of revealing personal shit about themselves and each other, while providing countless ways for anybody on Earth, at any budget level, to micro-target ads at highly characterized human targets, using up to millions of different combinations of targeting characteristics (including ones provided by parties outside Facebook, such as Cambridge Analytica, which have deep psychological profiles of millions of Facebook members). Hey, what could go wrong?

In three words, the whole thing.

The other reason is operational. We can see that in how Facebook has handed fixing what’s wrong with it over to thousands of human beings, all hired to do what The Wall Street Journal calls “The Worst Job in Technology: Staring at Human Depravity to Keep It Off Facebook.” Note that this is not the job of robots, AI, ML or any of the other forms of computing magic you’d like to think Facebook would be good at. Alas, even Facebook is still a long way from teaching machines to know what’s unconscionable. And can’t in the long run, because machines don’t have a conscience, much less an able one.

You know Goethe’s (or hell, Disney’s) story of The Sorceror’s Apprentice? Look it up. It’ll help. Because Mark Zuckerberg is both the the sorcerer and the apprentice in the Facebook version of the story. Worse, Zuck doesn’t have the mastery level of either one.

Nobody, not even Zuck, has enough power to control the evil spirits released by giant machines designed to violate personal privacy, produce echo chambers beyond counting and amplify tribal prejudices (including genocidal ones)—besides whatever good it does for users and advertisers.

The hard work here is lsolving the problems that corrupted Facebook so thoroughly, and are doing the same to all the media that depend on surveillance capitalism to re-engineer us all.

Meanwhile, because lawmaking is moving apace in any case, we should also come up with model laws and regulations that insist on respect for private spaces online. The browser is a private space, so let’s start there.

Here’s one constructive suggestion: get the browser makers to meet next month at IIW, an unconference that convenes twice a year at the Computer History Museum in Silicon Valley, and work this out.

Ann Cavoukian (@AnnCavoukian) got things going on the organizational side with Privacy By Design, which is now also embodied in the GDPR. She has also made clear that the same principles should apply on the individual’s side.  So let’s call the challenge there Privacy By Default. And let’s have it work the same in all browsers.

I think it’s really pretty simple: the default is no. If we want to be tracked for targeted advertising or other marketing purposes, we should have ways to opt into that. But not some modification of the ways we have now, where every @#$%& website has its own methods, policies and terms, none of which we can track or audit. That is broken beyond repair and needs to be pushed off a cliff.

Among the capabilities we need on our side are 1) knowing what we have opted into, and 2) ways to audit what is done with information we have given to organizations, or has been gleaned about us in the course of our actions in the digital world. Until we have ways of doing both,  we need to zero-base the way targeted advertising and marketing is done in the digital world. Because spying on people without an invitation or a court order is just as wrong in the digital world as it is in the natural one. And you don’t need spying to target.

And don’t worry about lost business. There are many larger markets to be made on the other side of that line in the sand than we have right now in a world where more than 2 billion people block ads, and among the reasons they give are “Ads might compromise my online privacy,” and “Stop ads being personalized.”

Those markets will be larger because incentives will be aligned around customer agency. And they’ll want a lot more from the market’s supply side than surveillance based sausage, looking for clicks.

VRM TBDs

Every construction project has a punch list of to-be-done items.  Since we’ve been at this for a dozen years, and have a rather long list of development works in progress on our wiki,  now seems like a good time and place to list what still needs to be done, but from the individual’s point of view. In other words, things they need but don’t have yet.

So  here is a  punch list of those things, in the form of a static page rather than a post such as this one. There is also a shortcut to the punch list in the menu above.

For the record, here’s that list as it stands today:

  1. Make companies agree to our terms, rather than the other way around.
  2. Have real relationships with companies, based on open standards and code, rather than relationships trapped inside corporate silos, each with their own very different ways of managing customer relationships (CRM), “delivering” a “customer experience” (aka CX), leading us on a “journey” or having us “join the conversation.”
  3. Standardizing the ways we relate to the service sides of companies, both for requesting service and for exchanging useful data in the course of owning a product or renting a service, so market intelligence flows both ways, and the “customer journey” becomes a virtuous cycle.
  4. Control our own self-sovereign identities, and give others what little they need to know about us on an as-needed basis.
  5. Get rid of logins and passwords.
  6. Change our personal details (surname, phone number, email or home address) in the records of all the organizations we deal with, in one move.
  7. Pay what we want, where we want, for whatever we want, in our own ways.
  8. Call for service or support in one simple and straightforward way of our own, rather than in as many ways as there are 800 numbers to call and numbers to punch into a phone before we wait on hold while bad music plays.
  9. Express loyalty in our own ways, which are genuine rather than coerced.
  10. Have an Internet of MY Things, which each of us controls for ourselves, and in which every thing we own has its own cloud, which we control as well.
  11. Own and control all our health and fitness records, and how others use them.
  12. Have wallets of our own, rather than only those provided by platforms.
  13. Have shopping carts of our own, which we can take from store to store and site to site online, rather than being tied to ones provided only by the stores themselves.
  14. Have personal devices of our own (such as this one) that aren’t cells in a corporate silo, or suction cups on corporate tentacles. (Alas, that’s what we still have with all Apple iOS phones and tablets, and all Android devices with embedded Google apps.)
  15. Remake education around the power we all have to teach ourselves and lean from each other, making optional at most the formal educational systems built more for maintaining bell curves than liberating the inherent genius of every student.

Please help us improve and correct it.

[The photo is from this collection.]

The only path from subscription hell to subscription heaven

I subscribe to Vanity Fair. I also get one of its newsletters, replicated on a website called The Hive. At the top of the latest Hive is this come-on: “For all that and more, don’t forget to sign up for our metered paywall, the greatest innovation since Nitroglycerin, the Allman Brothers, and the Hangzhou Grand Canal.”

When I clicked on the metered paywall link, it took me to a plain old subscription page. So I thought, “Hey, since they have tracking cruft appended to that link, shouldn’t it take me to a page that says something like, “Hi, Doc! Thanks for clicking, but we know you’re already a paying subscriber, so don’t worry about the paywall”?

So I clicked on the Customer Care link to make that suggestion. This took me to a login page, where my password manager filled in the blanks with one of my secondary email addresses. That got me to my account, which says my Condé Nast subscriptions look like this:

Oddly, the email address at the bottom there is my primary one, not the one I just logged in with.  (Also oddly, I still get Wired.)

So I went to the Vanity Fair home page, found myself logged in there, and clicked on “My Account.” This took me to a page that said my email address was my primary one, and provided a way to change my password, to subscribe or unsubscribe to four newsletters, and a way to “Receive a weekly digest of stories featuring the players you care about the most.” The link below said “Start following people.” No way to check my account itself.

So I logged out from the account page I reached through the Customer Care link, and logged in with my primary email address, again using my password manager. That got me to an account page with the same account information you see above.

It’s interesting that I have two logins for one account. But that’s beside more important points, one of which I made with this message I wrote for Customer Care in the box provided for that:

Curious to know where I stand with this new “metered paywall” thing mentioned in the latest Hive newsletter. When I go to the link there — https://subscribe.condenastdigital.com/s… — I get an apparently standard subscription page. I’m guessing I’m covered, but I don’t know. Also, even as a subscriber I’m being followed online by 20 or more trackers (reports Privacy Badger), supposedly for personalized advertising purposes, but likely also for other purposes by Condé Nast’s third parties. (Meaning not just Google, Facebook and Amazon, but Parsely and indexww, which I’ve never heard of and don’t trust. And frankly I don’t trust those first three either.) As a subscriber I’d want to be followed only by Vanity Fair and Condé Nast for their own service-providing and analytic purposes, and not by who-knows-what by all those others. If you could pass that request along, I thank you. Cheers, Doc

When I clicked on the Submit button, I got this:

An error occurred while processing your request.An error occurred while processing your request.

Please call our Customer Care Department at 1-800-667-0015 for immediate assistance or visit Vanity Fair Customer Care online.

Invalid logging session ID (lsid) passed in on the URL. Unable to serve the servlet you’ve requested.

So there ya go: one among .X zillion other examples of subscription hell, differing only in details.

Fortunately, there is a better way. Read on.

The Path

The only way to pave a path from subscription and customer service hell to the heaven we’ve never had is by  normalizing the ways both work, across all of business. And we can only do this from the customer’s side. There is no other way. We need standard VRM tools to deal with the CRM and CX systems that exist on the providers’ side.

We’ve done this before.

We fixed networking, publishing and mailing online with the simple and open standards that gave us the Internet, the Web and email. All those standards were easy for everyone to work with, supported boundless economic and social benefits, and began with the assumption that individuals are full-privilege agents in the world.

The standards we need here should make each individual subscriber the single point of integration for their own data, and the responsible party for changing that data across multiple entities. (That’s basically the heart of VRM.)

This will give each of us a single way to see and manage many subscriptions, see notifications of changes by providers, and make changes across the board with one move. VRM + CRM.

The same goes for customer care service requests. These should be normalized the same way.

In the absence of normalizing how people manage subscription and customer care relationships, all the companies in the world with customers will have as many different ways of doing both as there are companies. And we’ll languish in the login/password hell we’re in now.

The VRM+CRM cost savings to those companies will also be enormous. For a sense of that, just multiply what I went through above by as many people there are in the world with subscriptions, and  multiply that result by the number of subscriptions those people have — and then do the same for customer service.

We can’t fix this inside the separate CRM systems of the world. There are too many of them, competing in too many silo’d ways to provide similar services that work differently for every customer, even when they use the same back-ends from Oracle, Salesforce, SugarCRM or whomever.

Fortunately, CRM systems are programmable. So I challenge everybody who will be at Salesforce’s Dreamforce conference next week to think about how much easier it will be when individual customers’ VRM meets Salesforce B2B customers’ CRM. I know a number of VRM people  who will be there, including Iain Henderson, of the bonus link below. Let me know you’re interested and I’ll make the connection.

And come work with us on standards. Here’s one.

Bonus link: Me-commerce — from push to pull, by Iain Henderson (@iaianh1)

Weighings

A few years ago I got a Withings bathroom scale: one that knows it’s me, records my weight, body mass index and fat percentage on a graph informed over wi-fi. The graph was in a Withings cloud.

I got it because I liked the product (still do, even though it now just tells me my weight and BMI), and because I trusted Withings, a French company subject to French privacy law, meaning it would store my data in a safe place accessible only to me, and not look inside. Or so I thought.

Here’s the privacy policy, and here are the terms of use, both retrieved from Archive.org. (Same goes for the link in the last paragraph and the image above.)

Then, in 2016, the company was acquired by Nokia and morphed into Nokia Health. Sometime after that, I started to get these:

This told me Nokia Health was watching my weight, which I didn’t like or appreciate. But I wasn’t surprised, since Withings’ original privacy policy featured the lack of assurance long customary to one-sided contracts of adhesion that have been pro forma on the Web since commercial activity exploded there in 1995: “The Service Provider reserves the right to modify all or part of the Service’s Privacy Rules without notice. Use of the Service by the User constitutes full and complete acceptance of any changes made to these Privacy Rules.” (The exact same language appears in the original terms of use.)

Still, I was too busy with other stuff to care more about it until I got this from  community at email.health.nokia two days ago:

Here’s the announcement at the “learn more” link. Sounded encouraging.

So I dug a bit and and saw that Nokia in May planned to sell its Health division to Withings co-founder Éric Carreel (@ecaeca).

Thinking that perhaps Withings would welcome some feedback from a customer, I wrote this in a customer service form:

One big reason I bought my Withings scale was to monitor my own weight, by myself. As I recall the promise from Withings was that my data would remain known only to me (though Withings would store it). Since then I have received many robotic emailings telling me my weight and offering encouragements. This annoys me, and I would like my data to be exclusively my own again — and for that to be among Withings’ enticements to buy the company’s products. Thank you.

Here’s the response I got back, by email:

Hi,

Thank you for contacting Nokia Customer Support about monitoring your own weight. I’ll be glad to help.

Following your request to remove your email address from our mailing lists, and in accordance with data privacy laws, we have created an interface which allows our customers to manage their email preferences and easily opt-out from receiving emails from us. To access this interface, please follow the link below:

Obviously, the person there didn’t understand what I said.

So I’m saying it here. And on Twitter.

What I’m hoping isn’t for Withings to make a minor correction for one customer, but rather that Éric & Withings enter a dialog with the @VRM community and @CustomerCommons about a different approach to #GDPR compliance: one at the end of which Withings might pioneer agreeing to customers’ friendly terms and conditions, such as those starting to appear at Customer Commons.

Why personal agency matters more than personal data

Lately a lot of thought, work and advocacy has been going into valuing personal data as a fungible commodity: one that can be made scarce, bought, sold, traded and so on.  While there are good reasons to challenge whether or not data can be property (see Jefferson and  Renieris), I want to focus on a different problem: the one best to solve first: the need for personal agency in the online world.

I see two reasons why personal agency matters more than personal data.

The first reason we have far too little agency in the networked world is that we settled, way back in 1995, on a model for websites called client-server, which should have been called calf-cow or slave-master, because we’re always the weaker party: dependent, subordinate, secondary. Fortunately, the Net’s and the Web’s base protocols remain peer-to-peer, by design. We can still build on those. And it’s early.

A critical start in that direction is making each of us the first party rather than the second when we deal with the sites, services, companies and apps of the world—and doing that at scale across all of them.

Think about how much more simple and sane it is for websites to accept our terms and our privacy policies, rather than to force each of us, all the time, to accept their terms, all expressed in their own different ways. (Because they are advised by different lawyers, equipped by different third parties, and generally confused anyway.)

Getting sites to agree to our own personal terms and policies is not a stretch, because that’s exactly what we have in the way we deal with each other in the physical world.

For example, the clothes that we wear are privacy technologies. We also have  norms that discourage others from, for example sticking their hands inside our clothes without permission.

The fact that adtech plants tracking beacons on our naked digital selves and tracks us like animals across the digital frontier may be a norm for now, but it is also morally wrong, massively rude and now illegal under the  GDPR.

We can easily create privacy tech, personal terms and personal privacy policies that are normative and scale for each of us across all the entities that deal with us. (This is what ProjectVRM’s nonprofit spin-off, Customer Commons is all about.)

Businesses can’t give us privacy if we’re always the second parties clicking “agree.” It doesn’t matter how well-meaning and GDPR-compliant those businesses are. Making people second parties is a design flaw in every standing “agreement” we “accept,” and we need to correct that.

The second reason agency matters more than data is that nearly the entire market for personal data today is adtech, and adtech is too dysfunctional, too corrupt, too drunk on the data it already has, and absolutely awful at doing what they’ve harvested that data for, which is so machines can guess at what we might want before they shoot “relevant” and “interest-based” ads at our tracked eyeballs.

Not only do tracking-based ads fail to convince us to do a damn thing 99.xx+% of the time, but we’re also not buying something most of the time as well.

As incentive alignments go, adtech’s failure to serve the actual interests of its targets verges on the absolute. (It’s no coincidence that more than a year ago, 1.7 billion people were already blocking ads online.)

And hell, what they do also isn’t really advertising, even though it’s called that. It’s direct marketing, which gives us junk mail and is the model for spam. (For more on this, see Separating Advertising’s Wheat and Chaff.)

Privacy is personal. That means privacy is an effect of personal agency, projected by personal tech and personal expressions of intent that others can respect without working at it. We have that in the offline world. We can have it in the online world too.

Privacy is not something given to us by companies or governments, no matter how well they do Privacy by Design or craft their privacy policies. It simply can’t work.

In the physical world we got privacy tech and norms before we got privacy law. In the networked world we got the law first. That’s why the GDPR has caused so much confusion. It’s the regulatory cart in front of the technology horse. In the absence of privacy tech, we also failed to get and the norms that would normally and naturally guide lawmaking.

So let’s get the tech horse back in front of the lawmaking cart. With the tech working, the market for personal data will be one we control.  For real.

If we don’t do that first, adtech will stay in contol. And we know how that movie goes, because it’s a horror show and we’re living in it now.

 

GDPR Hack Day at MIT

Our challenge in the near term is to make the GDPR work for us “data subjects” as well as for the “data processors” and “data controllers” of the world—and to start making it work before the GDPR’s “sunrise” on May 25th. That’s when the EU can start laying fines—big ones—on those data processors and controllers, but not on us mere subjects. After all, we’re the ones the GDPR protects.

Ah, but we can also bring some relief to those processors and controllers, by automating, in a way, our own consent to good behavior on their part, using a consent cookie of our own baking. That’s what we started working on at IIW on April 5th. Here’s the whiteboard:

Here are the session notes. And we’ll continue at a GDPR Hack Day, next Thursday, April 26th, at MIT. Read more about and sign up here. You don’t need to be a hacker to participate.

The most leveraged VRM Day yet

VRM Day is coming up soon: Monday, 2 April.

Register at that link. Or, if it fails, this one. (Not sure why, but we get reports of fails with the first link on Chrome, but not other browsers. Go refigure.)

Why this one is more leveraged than any other, so far:::

Thanks to the GDPR, there is more need than ever for VRM, and more interest than ever in solutions to compliance problems that can only come from the personal side.

For example, the GDPR invites this question: What can we do as individuals that can put all the companies we deal with in compliance with the GDPR because they’re in compliance withour terms and our privacy policies? We have some answers, and we’ll talk about those.

We also have two topics we need to dive deeply into, starting at VRM Day and continuing over the following three days at IIW, also at the Computer History Museum. These too are impelled by the GDPR.

First is lexicon, or what the techies call ontology: “a formal naming and definition of the types, properties, and interrelationships of the entities that really exist in a particular domain of discourse.” In other words, What are we saying in VRM that CRM can understand—and vice versa? We’re at that point now—where VRM meets CRM. On the table will be not just be the tools and services customers will use to make themselves understood by the corporate systems of the world, but the protocols, standard code bases, ontologies and other necessities that will intermediate between the two.

Second is cooperation. The ProjectVRM wiki now has a page called Cooperative Work that needs to be substantiated by actual cooperation, now that the GDPR is approaching. How can we support each other?

Bring your answers.

See you there.

2018: When Customers Finally Take Charge

In Spring of 2012, Harvard Business Review Press published The Intention Economy: When Customers Take Charge. Not long after that, word came from  The Wall Street Journal that Robert James Thomson, then Managing Editor of the paper, wanted to use the opening  chapter of the book as a cover essay for the paper’s Review section.  Amazon at the time was already giving that chapter away as a teaser for book sales, so I ended up compressing the whole book to a single 2000-word piece.  Here’s how the cover looked:

I thought, “Holy shit, that looks like the cover of Dianetics or something.” Also, “I never would have used that headline.”

But that’s why they pay big bucks to headline writers. That one proved so terrific that I want to use it as the title of my next book, to follow up on The Intention Economy now that it’s finally about to happen.

The timing is right because tectonic shifts now shaking business were twelve years in the future when I started ProjectVRM (in Fall of 2006) and six years in the future when The Intention Economy came out.

Let’s frame those shifts with a pair of graphics from Larry Lessig‘s 1999 book Code and Other Laws of Cyberspace, and its successor in 2005, Code v2. The first is this dot, representing the individual:

The second is this graphic, representing four constraints on the individual:

Each of those four ovals, Larry wrote, constrain or regulate what the individual can do in the networked world.

With ProjectVRM, our work is about turning around those arrows, empowering individuals to exert influence—or agency (the power to operate with full effect)—in all four directions:

In other words, to be a god.

In Code, Larry explains the four constraints with the example of smoking:

If you want to smoke, what constraints do you face? What factors regulate your decision to smoke or not?

One constraint is legal. In some places at least, laws regulate smoking—if you are under eighteen, the law says that cigarettes cannot be sold to you…

But laws are not the most significant constraints on smoking. Smokers in the United States certainly feel their freedom regulated… Norms say that one doesn’t light a cigarette in a private car without first asking permission of the other passengers…

The market is also a constraint. The price of cigarettes is a constraint on your ability to smoke —change the price, and you change this constraint…

Finally, there are the constraints created by the technology of cigarettes, or by the technologies affecting their supply… How the cigarette is, how it is designed, how it is built —in a word, its architecture—affects the constraints faced by a smoker.

Thus, four constraints regulate this pathetic dot—the law, social norms, the market, and architecture—and the “regulation” of this dot is the sum of these four constraints. Changes in any one will affect the regulation of the whole… A complete view, therefore, must consider these four modalities together.

But the Internet was not designed for pathetic dots. By specifying little more than how data is addressed and moved between any two points in the world, across any variety of networks, the Internet gave every conscious entity on that world a lever so huge  Archimedes could only imagine it. I explain this in How tools for customers have more leverage than tools for business alone:

Archimedes said “Give me a place to stand and a lever long enough and I can move the world.”

Alas, Archimedes didn’t have that place. Now all of us do. It’s called the Internet.

Before the Internet, the best way to improve business was with better tools and services for businesses, or with new businesses to disrupt or compete with existing ones.

With the Internet, we can improve customers. In fact, that’s where we started when the Internet showed up in its current form, on 30 April 1995. (That’s when the Net could start supporting all forms of data traffic, including the commercial kind.) The three biggest tools giving customers leverage back then (and still today) were browsers, email and the ability to do anything any company could, starting with publishing.

But then we did what came most easily to business back in the Industrial Age: create new businesses and improve old ones. Nothing wrong with that, of course. Just something inadequate.

Worse, we created giant businesses that only gave customers leverage inside their walled gardens. By now we’ve lived so long inside Google, Apple, Facebook and Amazon (called GAFA in Europe) that we can hardly think outside their boxes.

But if we do, we can see again what the promise of the Net was in the first place: Archimedes-grade power for everybody. And there are a lot more customers than companies in that population.

This is why a bunch of us have been working, through ProjectVRM, on tools that make customers both independent and better able to engage with business.

Now let’s look at one changed constraint: Law.

The tectonic shift happening there is the General Data Protection Regulation, or GDPR. It was created by the European Union to constrain what  Shoshana Zuboff calls surveillance capitalism. Nearly all that surveillance is for the purpose of providing ways to aim ads at tracked eyeballs wherever they go. The GDPR forbids doing that, and imposes potentially massive fines for violations—up to 4% of global revenues over the prior year. I am sure Google, Facebook and lesser purveyors of advertising online will find less icky ways to stay in business; but it is becoming clear that next May 25, when the GDPR goes into full effect, will be an extinction-level event for tracking-based advertising (aka adtech) as a business model.

But there is a silver lining for advertising in the GDPR’s mushroom cloud, in the form of the oldest form of law in the world: contracts. These are agreements that any two parties can form with each other.

So, if an individual proffers a term to a publisher that says,

—and that publisher agrees to it, that publisher is compliant with the GDPR, plain and simple. (I unpack how this works in Good news for publishers and advertisers fearing the GDPR and in many other pieces in the People vs. Adtech series.)

Those terms will live at Customer Commons, a non-profit spin-off of ProjectVRM. “CuCo” was created to do for personal terms what Creative Commons did, and still does, for personal copyright. (Creative Commons was a brainchild of Larry Lessig when he was a fellow at the Berkman Klein Center. We steal from the best.)

Our goal is to have our first agreement—the one two paragraphs up—working for both readers and publishers before the GDPR deadline in May. We have help toward that from the Cyberlaw Clinic at Harvard Law School and the Berkman Klein Center, from other friendly legal folk, and from equally friendly techies, such as those behind the JLINC protocol.

If publishers accept this olive branch from individuals (who are no longer mere “consumers” or “users”), it will demonstrate how existing law and a simple new architecture can alter both markets and norms in ways that make the world better for everybody.

In October 2016, I announced  the end of ProjectVRM’s Phase One and the start of Phase Two.

Making VRM happen in 2018  will complete Phase Two. At the end of it our original thesis—that free customers are more valuable than captive ones—will either prove out or wait for other projects to do the job. Either way we’ll be done. All projects need an end, and this will be ours.

I believe free customers will prove more valuable than captive ones—to themselves, and to everyone else—for two reasons. One is that the Internet was designed to prove it in the first place (and no amount of screwage by governments or service providers can stuff that genie back in the bottle). The other is what I just tweeted here:

Services providing countless different ways for countless different businesses to provide good “customer experiences” () can’t answer the customer’s need for one way to deal with all of them. In fact, they only make things worse with every new login and “loyalty” program.

In other words, we need #customertech. Simple as that. That’s the lever that makes each of us an Archimedes. We’ll get it, from one or more of the projects and companies already on our developments list—and from others who will come along to answer a need that has been in the market since long before the Internet showed up.

So consider this is a recruitment post. We have a lot of work to do in a very short time.

 

 

Older posts

© 2019 ProjectVRM

Theme by Anders NorenUp ↑